We use devise on our rails app in order to deal with sign-in and authentication. Basically, the process is quite straightforward: you sign up, get the confirmation email with the link pointing to a route such as path/page/confirm/token. Once authenticated, the user is redirected to page/login in order to enter his login/password and access the service.
Right now, we would like to login automatically the user that clicks this link right after he reaches the page/confirm/token.
I've been investigating, and it seems like a method that was initially used by people after devise 3.1 to have this behavior:
config.allow_insecure_sign_in_after_confirmation = true
I was planning to use this in the initializers/devise.rb, but unfortunately it also seems like it have disappear from devise methods, I ran these commands on console to check:
gem install devise
pry
require 'devise'
Devise.methods
... no allow_insecure_sign_in_after_confirmation method there.
I might try to do this manually in the confirmation controller with something custom like:
def show
u = User.find_by(confirmation_token: params[confirmation_token])
sign_in(u)
end
But unfortunately, again, it's not working as expected.
Any input is appreciated.
